Cybersecurity: Crime and Espionage

Questions Someone Should Ask DOD About Its Report on Chinese Cyber-Operations

By Jack Goldsmith
Tuesday, May 7, 2013, 2:12 PM

As Paul noted, a new Pentagon Report to Congress states:

In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military. These intrusions were focused on exfiltrating information.  China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs.

Note that the actions complained about are cyber-exploitations, not cyber-attacks.

I would hope that a journalist asks someone in the Pentagon these questions:

  • Is the United States engaged in similar cyber-exploitations “to support intelligence collection against [China's] diplomatic, economic, and defense industrial base sectors that support [China's] national defense programs"?
  • If not, why not? 
  • If so, what are you complaining about?
  • Is the complaint that China is doing a better job at cyber-espionage related to national defense programs than the United States?
  • How much of DOD’s worries are grounded in China’s motives for cyber-exploitations?  In particular, to what extent are USG worries about China's cyber-exploitations really grounded in, as the Report states, (a) concerns that the exploitations might help China’s military planners to build “a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis,” and (b) concerns that “the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks”?
  • Is the United States not similarly engaged in cyber-espionage of China’s national defense programs with an eye toward U.S. national defense, and might not the skills behind U.S. cyber-intrusions be "similar to those necessary to conduct computer network attacks”?  How are China’s motives different from ours?